nyxCorenyxCore

Technical Deep Dive

DeveloperEvaluator14 min read

nyxCore — Technical Architecture Documentation

A multi-tenant, LLM-orchestrated intelligence platform with built-in anti-hallucination safeguards, persona-driven reasoning, and enterprise-grade security.

Table of Contents

  1. System Architecture
  2. The Persona Engine
  3. The Devil's Advocate Unit — Ipcha Mistabra
  4. Workflow Engine
  5. Axiom RAG Knowledge System
  6. Project Sync Pipeline
  7. Consolidation & Memory
  8. Multi-Tenancy & Security
  9. LLM Provider Architecture (BYOK)
  10. Performance & Cost Models

1. System Architecture

nyxCore is built on Next.js 14 App Router with TypeScript strict mode, combining tRPC for type-safe client-server communication with SSE (Server-Sent Events) for real-time streaming.

graph TB subgraph Client["Client Layer"] UI["React UI<br/>Dashboard + Components"] TRPC_C["tRPC Client<br/>httpBatchLink"] SSE_C["useSSE Hook<br/>EventSource"] end subgraph API["API Layer"] TRPC_S["tRPC Router<br/>8 Domain Routers"] SSE_S["REST /api/v1/events<br/>SSE Streaming"] MW["Middleware Chain<br/>RateLimit → Auth → Tenant"] end subgraph Services["Service Layer"] WF["Workflow Engine<br/>AsyncGenerator"] DS["Discussion Service<br/>3 Modes"] PS["Persona Engine<br/>Evaluation + Matching"] CS["Consolidation<br/>Pattern Extraction"] AX["Axiom RAG<br/>Hybrid Search"] SYNC["Project Sync<br/>9-Phase Pipeline"] EMB["Embedding Service<br/>text-embedding-3-small"] end subgraph Data["Data Layer"] PG["PostgreSQL 16<br/>+ pgvector + RLS"] RD["Redis 7<br/>Rate Limiting"] GH["GitHub API<br/>Repository Sync"] end UI --> TRPC_C --> TRPC_S UI --> SSE_C --> SSE_S TRPC_S --> MW --> Services SSE_S --> MW Services --> PG Services --> RD SYNC --> GH EMB --> PG style Client fill:#1a1a2e,stroke:#e94560,color:#fff style API fill:#16213e,stroke:#0f3460,color:#fff style Services fill:#0f3460,stroke:#533483,color:#fff style Data fill:#533483,stroke:#e94560,color:#fff

Request Flow

sequenceDiagram participant C as Client participant T as tRPC Router participant M as Middleware participant S as Service participant DB as PostgreSQL + RLS C->>T: httpBatchLink request T->>M: createContext(session, prisma) M->>M: withRateLimit (100/min) M->>M: enforceAuth (JWT) M->>M: enforceTenant (extract tenantId) M->>S: Router procedure S->>DB: Query with RLS policy DB-->>S: Tenant-scoped data S-->>C: Type-safe response

Router Map

Router Procedures Purpose
dashboard 6 Widget layouts, stats aggregation
discussions 12 Multi-provider LLM conversations
workflows 18 Dynamic workflow builder + execution
memory 8 Knowledge base with full-text search
projects 14 Project + blog post management
consolidation 6 Cross-project pattern extraction
admin 10 API key vault, audit logs
axiom 9 RAG documents, search, API tokens

2. The Persona Engine

nyxCore's persona system creates specialized AI characters with domain expertise, evaluation frameworks, and dynamic growth — not static prompt templates.

Persona Data Model

erDiagram PERSONA { uuid id PK string name string role text systemPrompt json evaluationCriteria string scope "global | book" string[] categories float temperature int maxTokens json stats } TENANT ||--o{ PERSONA : owns PERSONA }o--o{ WORKFLOW_STEP : assigned PERSONA }o--o{ DISCUSSION : participates PERSONA ||--o{ PERSONA_EVALUATION : evaluated_by PERSONA_EVALUATION { uuid id PK float score json criteria text feedback timestamp evaluatedAt }

Category-Based Matching

Personas are matched to workflow steps via category tags. The matching algorithm:

$$ \text{match_score}(p, s) = \sum_{c \in C_s} \mathbb{1}[c \in C_p] \cdot w_c $$

Where $C_s$ is the set of categories required by step $s$, $C_p$ is the persona's category set, and $w_c$ is the category weight (default 1.0).

Persona Scoping Rules

graph TD A["Persona Request"] --> B{"scope == 'book'?"} B -->|Yes| C{"workflow.bookId set?"} C -->|Yes| D["Allow: Book persona in nyxBook workflow"] C -->|No| E["BLOCK: Book persona in non-book context"] B -->|No| F{"Explicitly requested?"} F -->|Yes| G["Allow: Global persona in any workflow"] F -->|No| H["Allow: Auto-assign via category matching"] style E fill:#e94560,stroke:#fff,color:#fff style D fill:#2ecc71,stroke:#fff,color:#fff style G fill:#2ecc71,stroke:#fff,color:#fff style H fill:#2ecc71,stroke:#fff,color:#fff

Evaluation Framework

Each persona is evaluated on structured criteria after workflow completion:

$$ E_p = \frac{1}{|W_p|} \sum_{w \in W_p} \left( \alpha \cdot Q_w + \beta \cdot R_w + \gamma \cdot C_w \right) $$

Where:

  • $E_p$ = overall persona evaluation score
  • $Q_w$ = quality score for workflow $w$ (0–1)
  • $R_w$ = relevance of persona's contribution (0–1)
  • $C_w$ = consistency with persona's defined role (0–1)
  • $\alpha, \beta, \gamma$ = weighting coefficients ($\alpha + \beta + \gamma = 1$)

Team Injection

In review steps, all assigned workflow personas are injected as an "Expert Team" context — providing the LLM with awareness of the full team perspective. This is limited to review steps only to prevent identity hallucination on unassigned steps.

graph LR subgraph Team["Expert Team Context"] P1["Security Analyst"] P2["Code Architect"] P3["UX Reviewer"] end Team --> RS["Review Step"] RS --> KP["Key Points Extraction"] KP --> INS["Insight Persistence"] style RS fill:#e94560,stroke:#fff,color:#fff

3. The Devil's Advocate Unit — Ipcha Mistabra

"Ipcha Mistabra" (Aramaic: אפכא מסתברא) — "the opposite is more likely." A Talmudic dialectical technique where an argument is systematically inverted to test its validity.

Historical Foundation

After the 1973 Yom Kippur War, Israeli Military Intelligence established the Devil's Advocate Unit (10th Directorate) to systematically challenge intelligence assessments and prevent catastrophic groupthink failures. The unit's mandate: for every intelligence conclusion, construct the strongest possible counter-argument.

nyxCore implements this principle as a computational anti-hallucination system across three layers:

Layer 1: Dual-Provider Consensus

graph TB INPUT["User Prompt"] --> P1["Provider A<br/>(e.g., Claude)"] INPUT --> P2["Provider B<br/>(e.g., GPT-4)"] P1 --> CAEL["'Cael' Judge Persona<br/>Ipcha Mistabra Engine"] P2 --> CAEL CAEL --> MERGE["Merged Output<br/>Validated + Synthesized"] CAEL --> CONFLICT["Conflict Report<br/>Divergence Analysis"] style CAEL fill:#e94560,stroke:#fff,color:#fff style CONFLICT fill:#f39c12,stroke:#fff,color:#fff

Two independent LLMs process the same prompt in parallel. The "Cael" persona — nyxCore's built-in judge — compares outputs, identifies divergences, and produces a synthesized result. When providers disagree, the conflict itself becomes signal.

Divergence detection formula:

$$ D(A, B) = 1 - \frac{|S_A \cap S_B|}{|S_A \cup S_B|} $$

Where $S_A$ and $S_B$ are the semantic claim sets from providers A and B. High divergence ($D > 0.3$) triggers explicit conflict resolution.

Layer 2: Consensus Discussion Mode

sequenceDiagram participant U as User participant M as Moderator participant PA as Provider A participant PB as Provider B participant PC as Provider C U->>M: Topic / Question M->>PA: Round 1: Independent analysis M->>PB: Round 1: Independent analysis M->>PC: Round 1: Independent analysis PA-->>M: Position A PB-->>M: Position B PC-->>M: Position C M->>PA: Round 2: Respond to B, C positions M->>PB: Round 2: Respond to A, C positions M->>PC: Round 2: Respond to A, B positions PA-->>M: Refined A' PB-->>M: Refined B' PC-->>M: Refined C' M->>M: Synthesize consensus M-->>U: Final output + dissent report

The Consensus mode runs multiple LLM providers through a structured roundtable. Each provider sees and challenges the others' outputs across multiple rounds — a digital implementation of the Talmudic chavruta (study partner) tradition where truth emerges through dialectical opposition.

Layer 3: Review Step Key Point Extraction

Workflow review steps automatically extract structured findings with severity ratings:

graph TD LLM["LLM Analysis Output"] --> KPE["Key Point Extractor"] KPE --> S1["[CRITICAL] Security vulnerability"] KPE --> S2["[HIGH] Performance bottleneck"] KPE --> S3["[MEDIUM] Code smell"] KPE --> S4["[LOW] Style suggestion"] S1 --> PAIR["Auto-Pairing Engine"] S2 --> PAIR PAIR --> INS["Insight Persistence<br/>Vector Embeddings"] INS --> SEARCH["Hybrid Search<br/>70% vector + 30% text"] style S1 fill:#e94560,stroke:#fff,color:#fff style S2 fill:#f39c12,stroke:#fff,color:#fff

Pain points are automatically paired with strengths by category — creating a balanced assessment that resists LLM people-pleasing tendencies.

Anti-Hallucination Effectiveness Model

The probability of a hallucination surviving nyxCore's multi-layer validation:

$$ P(\text{hallucination survives}) = P(H_1) \cdot P(H_2 | H_1) \cdot P(H_3 | H_1 \cap H_2) $$

Where:

  • $P(H_1)$ = probability both providers produce the same hallucination ≈ 0.05
  • $P(H_2 | H_1)$ = probability consensus round fails to catch it ≈ 0.15
  • $P(H_3 | H_1 \cap H_2)$ = probability review extraction misses it ≈ 0.20

$$ P(\text{hallucination survives}) \approx 0.05 \times 0.15 \times 0.20 = 0.0015 = 0.15% $$

Compare to single-provider hallucination rate of ~5–15%. nyxCore reduces hallucination pass-through by 97–99%.

4. Workflow Engine

The workflow engine is an AsyncGenerator-based pipeline supporting dynamic step composition, fan-out parallelism, template variable resolution, and checkpoint-based human review.

Step Types

graph TD subgraph Steps["Workflow Step Types"] LLM["llm<br/>Standard LLM call"] REV["review<br/>Pause + human checkpoint"] FAN["fan-out<br/>Split + parallel execution"] COND["conditional<br/>Branch on output"] end LLM --> DIG["Step Digest<br/>(if >2000 chars)"] REV --> KP["Key Points<br/>Extraction"] KP --> INS["Insight<br/>Persistence"] FAN --> SPLIT["Section Splitter<br/>Regex-based"] SPLIT --> SUB["Sub-outputs<br/>(per section)"]

Template Variable System

Variables are resolved at runtime via resolvePrompt():

Variable Source Description
{{input}} Workflow Input map provided at creation
{{steps.Label.content}} Previous step Auto-prefers digest if available
{{steps.Label.full}} Previous step Raw uncompressed output
{{consolidations}} Consolidation service Pattern hints from linked projects
{{memory}} Workflow insights Curated learnings via MemoryPicker
{{axiom}} Axiom RAG Mandatory rules + guidelines + context
{{database}} PostgreSQL Introspected schema (tables, indexes, RLS)
{{project.wisdom}} Auto-loaded Consolidation + code patterns
{{claudemd}} Linked repos CLAUDE.md/README.md content
{{fileTree}} Linked repos Directory listing
{{docs}} Linked repos Combined documentation

Fan-Out Architecture

graph TB SRC["Source Step Output<br/>'### 1. Auth<br/>### 2. API<br/>### 3. UI'"] SRC --> SPLIT["Section Splitter<br/>splitPattern: '###\\s+\\d+\\.'"] SPLIT --> S1["Section 1: Auth"] SPLIT --> S2["Section 2: API"] SPLIT --> S3["Section 3: UI"] S1 --> LLM1["LLM Call 1<br/>{{fanOut.section}}"] S2 --> LLM2["LLM Call 2<br/>{{fanOut.section}}"] S3 --> LLM3["LLM Call 3<br/>{{fanOut.section}}"] LLM1 --> SUB["subOutputs[]"] LLM2 --> SUB LLM3 --> SUB

Digest Compression

For steps producing outputs exceeding 2000 characters, an automatic digest is generated via Claude Haiku:

$$ \text{compression_ratio} = \frac{|\text{digest}|}{|\text{full_output}|} \approx 0.15 - 0.25 $$

Downstream steps use {{steps.Label.content}} which auto-selects the digest, keeping the total context within token budgets:

$$ T_{\text{effective}} = T_{\text{base}} + \sum_{i=1}^{n} \min(|s_i|, |d_i|) + |V_{\text{templates}}| $$

Where $T_{\text{base}}$ is the system prompt, $s_i$ is step output, $d_i$ is its digest, and $V_{\text{templates}}$ is the resolved template variable content.

5. Axiom RAG Knowledge System

Axiom provides project-scoped Retrieval-Augmented Generation with a three-tier authority model.

Authority Levels

graph TD subgraph Authority["Document Authority Hierarchy"] M["MANDATORY<br/>GDPR, ISO, Legal<br/>Always override"] G["GUIDELINE<br/>Styles, Conventions<br/>Default behavior"] I["INFORMATIONAL<br/>General context<br/>Background reference"] end M --> SEARCH["Hybrid Search Query"] G --> SEARCH I --> SEARCH SEARCH --> VEC["Vector Similarity<br/>70% weight<br/>pgvector HNSW"] SEARCH --> FTS["Full-Text Search<br/>30% weight<br/>tsvector"] VEC --> RANK["Combined Ranking"] FTS --> RANK RANK --> RES["Results<br/>Mandatory docs always first"] style M fill:#e94560,stroke:#fff,color:#fff style G fill:#f39c12,stroke:#fff,color:#fff style I fill:#3498db,stroke:#fff,color:#fff

Hybrid Search Scoring

$$ \text{score}(d, q) = 0.7 \cdot \text{cosine}(\vec{d}, \vec{q}) + 0.3 \cdot \text{ts_rank}(d, q) + \text{authority_boost}(d) $$

Where:

  • $\vec{d}$ = document embedding (1536-dim, text-embedding-3-small)
  • $\vec{q}$ = query embedding
  • $\text{ts_rank}$ = PostgreSQL full-text ranking
  • $\text{authority_boost}$ = +1.0 for mandatory, +0.5 for guideline, 0 for informational

Document Processing Pipeline

graph LR UPLOAD["Document Upload<br/>PDF, MD, TXT"] --> CHUNK["Chunking<br/>~500 tokens/chunk"] CHUNK --> EMBED["Embedding<br/>text-embedding-3-small<br/>1536 dimensions"] EMBED --> STORE["pgvector Storage<br/>HNSW Index<br/>m=16, ef=64"] STORE --> SEARCH["Hybrid Search<br/>cosine + tsvector"] style EMBED fill:#e94560,stroke:#fff,color:#fff

External REST API

Axiom exposes a Bearer-token-authenticated REST API for external integrations:

POST /api/v1/axiom/{projectId}/search
Authorization: Bearer <project-token>

{ "query": "GDPR data retention", "limit": 5 }

6. Project Sync Pipeline

The 9-phase sync pipeline processes GitHub repositories through progressive intelligence extraction.

graph LR subgraph Phase1["Phase 1: Core Sync"] P["PREPARE<br/>Clone/Pull"] --> S["SCAN<br/>Detect Changes"] S --> I["IMPORT<br/>Files + Memory"] I --> F["FINALIZE<br/>Stats + Cleanup"] end subgraph Phase2["Phase 2: Intelligence"] CA["CODE ANALYSIS<br/>Pattern Detection"] D["DOCS<br/>Auto-Generation"] end subgraph Phase3["Phase 3: Knowledge"] CO["CONSOLIDATION<br/>Pattern Extraction"] AX["AXIOM<br/>Document Processing"] EM["EMBEDDINGS<br/>Vector Generation"] end F --> CA --> D --> CO --> AX --> EM style Phase1 fill:#1a1a2e,stroke:#e94560,color:#fff style Phase2 fill:#16213e,stroke:#0f3460,color:#fff style Phase3 fill:#0f3460,stroke:#533483,color:#fff

Non-Fatal Phase Design

Phases 2–3 are non-fatal by design — errors are logged as warnings and the pipeline continues:

graph TD PHASE["Phase N Execution"] --> TRY["try { execute() }"] TRY -->|Success| YIELD_OK["yield { phase, stats }"] TRY -->|Error| CATCH["catch (error)"] CATCH --> WARN["yield { type: 'warning',<br/>message: '[WARN] Phase N failed' }"] WARN --> NEXT["Continue to Phase N+1"] YIELD_OK --> NEXT

Sync Statistics

interface SyncStats {
  // Phase 1
  totalFiles: number;
  filesNew: number;
  filesUpdated: number;
  filesDeleted: number;
  memoryNew: number;
  memoryUpdated: number;
  // Phase 2
  patternsFound: number;
  docsGenerated: number;
  // Phase 3
  consolidationPatterns: number;
  axiomDocsProcessed: number;
  embeddingsGenerated: number;
}

7. Consolidation & Memory

Pattern Extraction Pipeline

graph TB MEM["Memory Entries<br/>from synced projects"] --> EXTRACT["extractConsolidationPatterns()"] EXTRACT --> PAT["Patterns<br/>category + confidence"] PAT --> HINTS["generatePromptHints()"] HINTS --> MD["Markdown Injection<br/>{{consolidations}} variable"] MD --> WF["Workflow Steps<br/>Context-enriched prompts"]

Workflow Insights Lifecycle

graph LR REV["Review Step"] --> KP["Key Point Extraction<br/>severity + category"] KP --> PAIR["Auto-Pairing<br/>pain ↔ strength"] PAIR --> SAVE["SaveInsightsDialog<br/>User approval"] SAVE --> DB["workflow_insights<br/>table"] DB --> EMBED["generateEmbedding()"] EMBED --> VEC["pgvector HNSW<br/>1536-dim"] VEC --> SEARCH["MemoryPicker<br/>Hybrid search"] SEARCH --> INJECT["{{memory}} variable<br/>in future workflows"]

Insight Search Formula

$$ \text{relevance}(i, q) = 0.7 \cdot \cos(\vec{i}, \vec{q}) + 0.3 \cdot \text{ts_rank}(i, q) $$

Using pgvector HNSW index with parameters $m = 16$, $\text{ef_construction} = 64$, and vector_cosine_ops distance function.

8. Multi-Tenancy & Security

Row-Level Security

graph TD REQ["Incoming Request"] --> JWT["JWT Session<br/>Extract tenantId"] JWT --> RLS["PostgreSQL RLS Policy<br/>current_setting('app.tenant_id')"] RLS --> DATA["Tenant-Scoped Data<br/>Automatic isolation"] style RLS fill:#e94560,stroke:#fff,color:#fff

Every data query passes through PostgreSQL RLS policies. The middleware sets app.tenant_id on the database connection before any query executes. There is no application-level filtering — isolation is enforced at the database engine level.

Rate Limiting

Endpoint Type Limit Window
General API 100 requests 1 minute
LLM Operations 10 requests 1 minute

Rate limiting is fail-open — if Redis is unavailable, requests proceed. This prevents a Redis outage from cascading into a platform outage.

9. LLM Provider Architecture (BYOK)

Bring Your Own Key

graph TB USER["Tenant Admin"] --> VAULT["API Key Vault<br/>Admin Dashboard"] VAULT --> ENC["AES-256-GCM Encryption<br/>at rest"] ENC --> DB["Encrypted in PostgreSQL"] REQ["Runtime Request"] --> RESOLVE["resolveProvider()<br/>per-request"] RESOLVE --> DEC["Decrypt API Key<br/>AES-256-GCM"] DEC --> CALL["Provider API Call<br/>Tenant's own key"] style ENC fill:#e94560,stroke:#fff,color:#fff style DEC fill:#e94560,stroke:#fff,color:#fff

Supported Providers

Provider Models Cost (per 1M tokens)
Anthropic Claude 4.x, Claude Haiku $3–15 input, $15–75 output
OpenAI GPT-4o, GPT-4-turbo $2.50–10 input, $10–30 output
Google Gemini Pro, Gemini Ultra $1.25–7 input, $5–21 output
Ollama Local models $0 (self-hosted)
Kimi Moonshot v1 $1.50 input, $5 output

Encryption Details

  • Algorithm: AES-256-GCM (authenticated encryption)
  • Key derivation: Unique IV per encryption operation
  • Storage: Ciphertext + IV + auth tag in PostgreSQL
  • Decryption: Per-request, never cached in memory
  • Access: Only the owning tenant can trigger decryption via their session

10. Performance & Cost Models

Token Efficiency

For a typical 5-step workflow with digest compression:

$$ T_{\text{without digest}} = T_{\text{sys}} + \sum_{i=1}^{5} |s_i| \approx 4000 + 5 \times 3000 = 19{,}000 \text{ tokens} $$

$$ T_{\text{with digest}} = T_{\text{sys}} + \sum_{i=1}^{5} |d_i| \approx 4000 + 5 \times 600 = 7{,}000 \text{ tokens} $$

$$ \text{Savings} = 1 - \frac{7{,}000}{19{,}000} = 63.2% $$

Sync Pipeline Throughput

For a repository with 500 files and 50 memory entries:

Phase Typical Duration Parallelism
Prepare 2–5s Sequential
Scan 1–3s Sequential
Import 5–15s Batch (50 files/batch)
Finalize <1s Sequential
Code Analysis 10–30s Per-file
Docs 5–15s Sequential
Consolidation 3–10s Sequential
Axiom 5–20s Per-document
Embeddings 2–8s Batch

Total: 33–107 seconds for a full 9-phase sync with intelligence extraction.

Vector Search Performance

pgvector HNSW index characteristics:

$$ \text{Search complexity} = O(\log n \cdot m \cdot \text{ef_search}) $$

With $m = 16$ and default $\text{ef_search} = 40$:

  • 1,000 insights: ~2ms
  • 10,000 insights: ~5ms
  • 100,000 insights: ~12ms

nyxCore — Intelligence through structured opposition.

Previous
System Architecture
Next
Energy & Cost Models